Client + Backend, implement refreshToken for OAuth and Credentials + improve password security
sebpalluel opened this issue
- use salted password:
  - https://www.mcafee.com/blogs/enterprise/cloud-security/what-is-a-salt-and-how-does-it-make-password-hashing-more-secure/
  - https://gist.github.com/azakordonets/e436ccbdb2a4aedac52a
- implement refresh token mechanism for OAuth and credentials
  - check this tutorial to implement it with Google OAuth: https://next-auth.js.org/tutorials/refresh-token-rotation
  - Example of how to implement OAuth + credentials with refresh tokens in next auth api route
  - Refresh token serverless route: https://github.com/gagnemartin/scrimhub/blob/main/pages/api/auth/refresh.ts
Implemented refresh token only with Google provider